Detailed Action

Examiner's Amendment 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to the applicants, an amendment may be filed as 
provided by 37 CFR 1.312. To ensure consideration of such an amendment, it must be 
submitted no later than the payment of the issue fee. 

Authorization for this Examiner's Amendment was given on March 27, 2007 by 
Kevin J. Zilka. 

The following are the examiner's amendments to the claims received on March 
31, 2006: 

11. (Currently Amended) A computer readable medium having storage device storing 
computer-executable instructions to automatically configure a firewall operating within 
an individual computer comprising: determining a zone for a network address assigned 
dynamically to a network adapter in the individual computer; defining the zone based on 
a set of network addresses including at least one address outside the zone; and 
associating a security policy for the zone with the network adapter, the security policy 
specifying the firewall configuration to protect the individual computer; wherein the 
security policy is defined by a policy file which includes a policy file data structure stored 
as an XML (extensible markup language) document; wherein a security policy section of 
the policy file data structure includes an entry for each security policy that is identified 
by a policy identifier field and is associated with a network protocol that is identified by a 
protocol identifier field; wherein the security policy section specifies filters for at least a 
portion of ports and services defined by the network protocol, and each port and service 
associated with the security policy is identified by an element identifier field, a field 
contained filter settings, and a log indicator field; wherein at least one security policy is 
included for a TCP/IP network and includes a PPTP (point-to-point tunneling protocol), a 
RIP (routing information protocol), a DHCP (dynamic host configuration protocol), an 
ARP (address resolution protocol), an Ident (identification protocol), ICMP (internet 
control message protocol) and VPN (virtual private networking) ports, and a NetBIOS 
(network basic input/output system) service; wherein a default setting for a high security 
policy on the TCP/IP network disallows incoming network traffic through the PPTP and 
ICMP ports, allows incoming network traffic through the RIP, DHCP, ARP and VPN 
ports, disallows access through the NetBIOS service to shared resources on the 
individual computer, and disallows the individual computer from using shared resources 
of other computers on the TCP/IP network where incoming network traffic that attempts 
to access the individual computer using PPTP and NetBIOS is logged; wherein a zone 
section of the policy file data structure includes an entry for each defined address zone 
and includes an identifier field, an address parameters field that defines the zone, and 
an identifier field for the security policy assigned to the zone; wherein a default zone is 
defined by addresses that are outside another zone; wherein the determining and 
associating is performed when the network address for the network adapter changes; 
wherein the security policy associated with the network protocol is specific to the 
network protocol; wherein the network address dynamically assigned to the network 
adapter is determined by at least one of: mapping an adapter registry identifier to an 
associated network address stored in an operating system registry; monitoring network 
traffic at the network adapter and examining a predefined limited amount of the network 
traffic to determine the network address; and receiving a network address from a 
network adapter device driver when the network adapter connects to the TCP/IP 
network. 

12. (Currently Amended) The computer readable medium storage device of claim 11 
having storing further computer-readable instructions comprising: determining the 
network address assigned to the network adapter. 

13. (Currently Amended) The computer readable medium storage device of claim 11 
having storing further computer-readable instructions comprising: assigning the security 
policy to the zone. 

14. (Currently Amended) The computer readable medium storage device of claim 11 
having storing further computer-readable instructions comprising: retrieving the policy 
file that contains definitions for the zone and the security policy and specifies that the 
security policy is assigned to the zone. 

15. (Currently Amended) The computer readable medium storage device of claim 14 
having storing further computer-readable instructions comprising: creating the policy file 
from data input by a user. 

16. (Currently Amended) The computer readable medium storage device of claim 14 
having storing further computer readable instructions comprising: creating the policy file 
from data input by an administrator. 

17. (Currently Amended) The computer-readable medium storage device of claim 14 
having storing further computer-readable instructions comprising: receiving data from a 
predetermined location on the network through the network adapter; and creating the 
policy file from the data. 

19. (Currently Amended) The computer-readable medium storage device of claim 11 
having storing further computer-readable instructions comprising: including at least one 
address within the zone in the set of network addresses. 

Allowable Subject Matter 

Claims 1, 2, 4, 6-17, 19, 21, 24, 26 and 28-32 are allowed. 

The following is an examiner's statement of reasons for allowance: No prior arts 
could be found to teach (alone or in combination) all the features within the independent 
claims. In particular, no prior art could be found to teach a firewall system wherein, "the 



Application/Control Number: 09/803,527 Page 6 

Art Unit: 2145 

determining and associating is performed when the network address for the network 
adapter changes." 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Azizul Choudhury whose telephone number is (571) 
272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on (571) 272-3933. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 